BlackRose
This is a custom bootloader for the Nexus One (based on HBOOT 0.35.2017)
FEATURE
Security OFF
No padlock mark even when unlocked
Password protection
Engineering command
BlackRose custom command
Change boot logo
Resize Partition
Select menu by pressing trackball
Switch vibration at boot
CRC32 check function
Prevent overwrite HBOOT by RUU
REQUIRE
Windows PC or Linux PC
USB Debugging (ADB) ON (Setting-Application-Development-USB Debugging)
Connect USB before executing the BlackRose installer
ADB and Fastboot USB Driver - Windows
http://www.mediafire.com/?bhxmn903d6cz9eg
GO
Windows PC: BlackRose.exe
Linux PC: BlackRose
Possible argument
skip: go to blackrose menu immediately (not recommended, because the hboot version check step is skipped)
editor: go to blackrose editor(standalone)
Guide
Install
http://www.youtube.com/watch?v=cC7nyRxVvk4
Uninstall
http://www.youtube.com/watch?v=mGrnDsSrS5s
Update(from 120215)
http://www.youtube.com/watch?v=TK5kepkO9oI
Resize partition
http://www.youtube.com/watch?v=ScIMetgk7Zw
Execute BREditor(standalone)
http://www.youtube.com/watch?v=FSbSL4kUloQ
*.For those using an older custom BlackRose version (e.g. 111231): since the older version can't communicate with the BlackRose installer, you need to follow my directions.
Once you follow my directions, you won't need to do this later
1.Customize the same partition layout as before using BlackRose editor (view "Execute BREditor")
2.fastboot flash hboot hboot_brcust.nb0
3.fastboot reboot
*.If you are using MAC OSX and failed to install by using installer,
Download blackrose_manual_120421.zip and follow instruction in zip file
Change Log
120421
Disable password protection (temporary)
*.As you know, there is no way to recover password.
That's why I designed 2nd password.
I received many messages about forgotten passwords.
So I decided to disable password protection until I design new solution.
Fix stock BlackRose partition layout label.
120216
Bootloader(HBOOT)
Add new function(I will not reveal, It doesn't matter for normal user)
120215
Bootloader(HBOOT)
Change message when protected by password (not allowed -> protected)
Add bootloader commandline in order to communicate BlackRose installer
Installer
Now supports the HBOOT versions below
0.33.0012
0.33.2012
0.35.0017
0.35.2017
7.35.5017(BlackRose)
Recreate program (not rebuild but recreate )
1.BREditor has been merged
2.Install process has been revamped
3.Communicate with HBOOT
4.Convenient,Optimized
5.ETC
* Since I'm not god, please feel free to report bugs
111231
Happy New Year!
HBOOT(Bootloader)
Update release date(because it's the last day of 2011)
Installer and Editor
Common: Executable file is not packed (fixes the problem of the executable file being deleted by virus scanners)
Installer: Improve install process
Update exploit
Installer: Fix install bug(perfectly, 111231_2)
Installer: Improve installer(111231_3)
Editor: Bug fix(111231_3)
111217
HBOOT(Bootloader)
New CRC32 function
(this function is used for make custom bootloader)
Installer and Editor
Installer: Can flash ANY bootloader
Editor: Show warning message when set password
Editor: bug fix(partition and "understand" bug,111217_2)
111208
HBOOT(Bootloader)
Password protection
rebase blackrose custom command
remove unlock, lock command
remove simlock menu(replaced powerdown)
remove clearstorage menu(replaced reboot)
display off, on message when switch vibration at boot
add extension label(no more identify 5017 or 5117)
bug fix(getvar version)
cleanup
Installer and Editor
improve blackrose installer
new blackrose editor(you must use this)
breditor: make it clear(password -> protection)(111208_2)
breditor: password bug fix(111208_3)
111128
fix BlackRose custom command problem(brcmd 5)
improve BlackRose installer
111126
select menu by using trackball instead of power key(default)
*.I analysed the key dispatch routine perfectly and revamped the routine.
I recommend updating to BlackRose 111126 because it is better than 111125
fix key label
111125
switch trackball selection (permanent!!!, view advanced section)
etc
111118
HBOOT(Bootloader)
can't flash image without signature when S-ON
(can't flash by unsigned RUU, while can flash by flash command? that's not fair.)
change command (oem brset -> oem brcmd)
new command (brcmd 2, brcmd 5)
Installer
can apply custom partition blackrose (view Advanced section, more easily)
can update blackrose from custom partition blackrose. (view update section)
can install blackrose even if you don't achieve adb root permission(111118_2)
fix BlackRose windows installer error(111118_3)
rebase BlackRose installer(111118_4)
fix BlackRose installer error(111118_5)
111111
change title color
can flash some image(boot,recovery,system,userdata,radio,zimage) even S-ON and locked bootloader
rework writemainver(reason:when you uninstall blackrose, stored mainversion will be cleared.)
add custom command(fastboot oem brset)
can switch vibration during at boot
can select by pressing trackball (View Advanced section in BlackRose Installer)
optimization and cleanup
can install BlackRose on linux (111111_2)
fix BlackRose linux installer error (111111_3)
111009
When you update ROM(by PASSIMG, RUU), BlackRose doesn't write new mainver
111006
New based on 0.35.2017(Engineering HBOOT) - Thanks to PhaseBurn
Original Image(0.35.2017): http://forum.xda-developers.com/showpost.php?p=18141273&postcount=116
None padlock mark(even you unlocked bootloader)
Prevent overwrite HBOOT by OTA or RUU
Disable fastboot command(oem unlock), because no need to unlock bootloader
Can receive Google OTA
FAQ
1.Phone is bricked, doesn't turn on screen
You have flashed unsigned RADIO
If you want unbrick your phone, The answer is JTAG or HTC Service Center(The engineer can refuse to repair your phone)
2.Can I lock bootloader again?
To relock the bootloader, You have to achieve radio S-OFF(secu_flag=0), otherwise you would see the error [Lock Failed]
3.How to achieve radio S-OFF?
[email protected]=7,0 or [email protected]=8,0
I disassembled radio(AMSS)
it need HTC Special SIM-CARD or SIM-EMULATOR(XTC-CLIP)
but...
If we can disable SMI-MPU and modify only one byte to AMSS routine on SDRAM
We can achieve Radio S-OFF without HTC-Special-CARD.
4.I can't update radio by using recovery.
If cache partition size less than radio image, you couldn't update radio by using recovery.
so I suggest a way to update radio
fastboot flash radio [RADIO IMAGE(e.g radio.img)]
5.I can't see my device when execute BlackRose installer
If you are using a Sense ROM, the adb device doesn't work.
You must install htc sync.
-Thanks for your favor-
Donation
rugmankc
efrant
madj42
fzr-r4
texasice
gdarren
WOW, I cannot appreciate it enough
Lecahel
Supplement
BlackRose custom command
fastboot oem brcmd [command]
svib : Enable/Disable vibration during at boot (Output string is none. but setting will be changed.)
brec : Go to recovery mode
pass [password]: Create encrypted password/Authentication
Change boot logo
1.Prepare 480*800 bmp file to change
2.nbimg.exe -F [BMP FILE] -n
3.rename *.nb file to splash1.img
4.fastboot flash splash1 [SPLASH1 IMG]
Password Protection
1.fastboot oem brcmd pass [ORIGINAL PASSWORD]
2.Note your encrypted value
3.Input encrypted value in BREditor
4.Apply custom BlackRose
NEVER input original password in BREditor
If you would like to unlock protection
fastboot oem brcmd pass [ORIGINAL PASSWORD]
TIP
If lock state, oem pass command work as unlock method
Otherwise, work as create encrypted password
If you type the wrong password three times in a row, the device is turned off
Apply custom BlackRose
*.If you use BlackRose installer method, no need to read
Apply
1.fastboot flash hboot [CUSTOM BLACKROSE BINARY]
2.fastboot reboot-bootloader
If you will change partition layout
1.fastboot flash hboot [CUSTOM BLACKROSE BINARY]
2.fastboot reboot-bootloader
3.fastboot erase cache
4.fastboot oem brcmd brec
5.full wipe
6.update rom
7.reboot
maybe its too early in the morning,.... but huh?
It means - a hack that allows flashing anything anywhere as long as the hack is present. So, theoretically, if anyone would modify the bootloader code (done earlier in this thread, AFAIK) to allow bypassing security, this hack will allow flashing it. Also, possibly, this hack will allow flashing engineering bootloader.
Impressive! A really interesting approach. Even though Radio S-OFF would be preferred a modified hboot that unlocks more commands than the current stock-unlocked hboot does, right?
blunden said:
Impressive! A really interesting approach. Even though Radio S-OFF would be preferred a modified hboot that unlocks more commands than the current stock-unlocked hboot does, right?
Yes, we can do anything(except radio)
I found hidden functions while disassembling hboot
saveprt2sd, savemem2sd, mw etc...
I temporarily changed the oem lock function to saveprt2sd and it worked.
I found 0.33.2012 hboot(ENG) image
but since I use SLCD Nexus One, I couldn't flash it
Blackrose has potential
Sent from my Nexus One using XDA App
Post Changed.
doesn't work, still fails the signature verification.
It doesn't work. It shows a 'failed' result, saying that the file couldn't be verified or something. I tried out three different hboots, including the one you've provided, but it shows the same error every time. :-/
EDIT: Works perfectly. Got an S-off.
rjmohit said:
It doesn't work. It shows a 'failed' result, saying that the file couldn't be verified or something. I tried out three different hboots, including the one you've provided, but it shows the same error every time. :-/
didn't see anything to bypass the signature verification during the process.. i thought the only way to let the bootloader accept the image is that the file itself has a valid signature? how can you flash the image directly then..? o_o
mistake
maddie said:
didn't see anything to bypass the signature verification during the process.. i thought the only way to let the bootloader accept the image is that the file itself has a valid signature? how can you flash the image directly then..? o_o
OOPS, I made mistake.
I uploaded again.
Maybe this worked well...
Please report to me.
dla5244 said:
OOPS, I made mistake.
I uploaded again.
Maybe this work well...
Please report to me.
OK, it works now. Bootloader now S-OFF!
Great work! ;-)
BTW my Nexus One is unlocked.
maddie said:
OK, it works now. Bootloader now S-OFF!
Great work! ;-)
BTW my Nexus One is unlocked.
Congratulations!
also you can flash hboot, splash1, etc via fastboot flash command.
dla5244 said:
Congratulations!
also you can flash hboot, splash1, etc via fastboot flash command.
Yes, I'm aware of that. It's good enough for me to just get rid of the annoying lock icon on the boot screen. ;-)
And what is the gate.img exactly? I noticed that it was flashed as "boot" in fastboot, so I flashed my original kernel afterwards without booting into system. Will it in any way affect the original system?
maddie said:
Yes, I'm aware of that. It's good enough for me to just get rid of the annoying lock icon on the boot screen. ;-)
And what is the gate.img exactly? I noticed that it was flashed as "boot" in fastboot, so I flashed my original kernel afterwards without booting into system. Will it in any way affect the original system?
sorry my english.
No, 'fastboot boot' command not affect original system.
boot command means what copy kernel image to RAM and execute.
gate.img is exploit image(not kernel).
As soon as gate.img executed, it change bootloader codes on RAM
that's why you can flashed custom-hboot on stock hboot.
dla5244 said:
sorry my english.
No, 'fastboot boot' command not affect original system.
boot command means what copy kernel image to RAM and execute.
gate.img is exploit image(not kernel).
As soon as gate.img executed, it change bootloader codes on RAM
that's why you can flashed custom-hboot on stock hboot.
Your English is good enough to understand!
I see, I thought it was "flash" instead of "boot".
Thanks for your great work!
Thanks for this! I now have S-OFF on my N1. I wonder if the MTD partitions could be resized now like in the Desire? Hmmm...
intersectRaven said:
Thanks for this! I now have S-OFF on my N1. I wonder if the MTD partitions could be resized now like in the Desire? Hmmm...
When I first saw this progress, that is what I was hoping would come of this...
intersectRaven said:
Thanks for this! I now have S-OFF on my N1. I wonder if the MTD partitions could be resized now like in the Desire? Hmmm...
Uh oh! IR has some ideas brewing...
S-off success
Sent from my Nexus One using Tapatalk
Related
I CAN'T RELOCK THE BOOTLOADER!!!
This only reverts your SPL/HBOOT back to 0.33.0012 after you've installed the Korean FRF91 files and ended up stuck with 0.35.0017 SPL.
Thanks to the guys in the Desire forums and help from the Nexus Q&A, I have reverted my phone to the original HBOOT so I can apply custom roms again.
First you need to root the Korean FRF91 that's on your phone using Paul's instructions for superboot FRF83.
If you are rooted already, skip this step.
http://android.modaco.com/content/g...-erd79-frf83-superboot-rooting-the-nexus-one/
You need to download the EPF30 update, save it to your SD card as PASSIMG.zip.
http://shipped-roms.com/shipped/Passion%20(Nexus%20One)/PASSIMG_Passion_Google_WWE_1.14.1700.1_EPF30_release_signed.zip
Create a new mtd0.img file through this site
http://ks33673.kimsufi.com/misc/
I used the values, CID: 11111111 and Rom version: 0.22.997.0
Save the mtd0.img file to your PC.
Download the flash_image binary (right click, save as)
http://benocharm.lensworks.org/flash_image
Make sure it's saved as flash_image, and not flash_image.txt
If it has a Notepad icon, then it's not saved right.
With mtd0.img and flash_image in the same folder, type these commands from within that directory:
Code:
adb push flash_image /data/flash_image
adb push mtd0.img /data/mtd0.img
adb shell
chmod 755 /data/flash_image
/data/flash_image misc /data/mtd0.img
NOTE: After flashing the MISC partition with the MTD0 from the Desire, you will notice that you have an HTC logo on your phone.
No worries, this goes away after reflashing the EPF30 Nexus One PASSIMG.zip package.
Power off your phone, then turn it on by holding VolDown and pressing Power.
It will start up in HBOOT mode and will prompt you to flash the EPF30 PASSIMG.zip update.
Once this is finished you can root the EPF30 system through Paul's superboot instructions above, then use Rom Manager from the market to apply a custom recovery again.
Now, remember not to flash the new HBOOT again.
I'd recommend flashing the 5.08 radio for the N1 through other means. Search the forum to find the instructions.
Reserved.
Thanks a lot cursordroid.
Finally I managed to downgrade my hboot.
I could save several steps as my phone is unlocked.
So I just needed to:
- make a nandroid backup
- Go through the steps of flashing mtd0.img
- Apply PASSIMG.zip file
- Through fastboot re-install a custom recovery image
- Nandroid restore
Thanks!
rommelin said:
Thanks a lot cursordroid.
Finally I managed to downgrade my hboot.
I could save several steps as my phone is unlocked.
So I just needed to:
- make a nandroid backup
- Go through the steps of flashing mtd0.img
- Apply PASSIMG.zip file
- Through fastboot re-install a custom recovery image
- Nandroid restore
Thanks!
That sounds like it should work, except I'm not sure fastboot accepts unsigned recovery images, you might still need to use Rom Manager to flash one.
YMMV
WTF! This can relock the bootloader?
Where is the link to the latest HBOOT?????????????
cursordroid said:
That sounds like it should work, except I'm not sure fastboot accepts unsigned recovery images, you might still need to use Rom Manager to flash one.
YMMV
Just did it
You can definitely flash the recovery directly from bootloader when the phone is unlocked.
I forgot to mention one extra step I took.
Delete through adb the PASSIMG.zip file from the sdcard before trying to enter in bootloader and flash the recovery.
For that, I just needed to boot the stock firmware, enable usb debugging mode and:
#adb shell rm /sdcard/PASSIMG.zip
So if I upgrade I lose root? then i root and reflash stock PASSIMG.zip with original HBOOT after flashing Desire hboot I can get stock bootloader meaning? Security gets disabled when using HTC HBoot? so i can relock my bootloader then update using PASSIMG??????????????
I don't think you've realized how happy you made everyone on this forum if you figured out you can relock the bootloader lol!
I CAN'T RELOCK THE BOOTLOADER!!!
This only reverts your SPL/HBOOT back to 0.33.0012 after you've installed the Korean FRF91 files and ended up stuck with 0.35.0017 SPL.
cursordroid said:
This only reverts your SPL/HBOOT back to 0.33.0012
And that's already a lot
Not being able to install or upgrade to any signed build (like recent CM 6.0) including official ones... is not funny. It's really annoying.
Going back to normal is like having a new phone again
Then, what does 0.35.0017 do, if not locking the Nexus?
i'm getting an error saying incorrect cid. i actually have korean nexus one. i've been following all the steps but stuck when i try to flash the rom with passimg. big error msg saying incorrect cid. what to do now?
I can also confirm that this method worked with me. Initially screwed by the Korean ROM, but now back to the old bootloader. Thanks!!
i have tried all the method there and followed all the stuff, but it just won't let me flash passimg.zip. i keep getting cid incorrect. any solution people?
evank418 said:
i have tried all the method there and followed all the stuff, but it just won't let me flash passimg.zip. i keep getting cid incorrect. any solution people?
Are you using CID value: 11111111?
Yes and it didn't work. Also tried Googl001 but didn't work either. I actually do have Korean nexus one maybe that's why???? Any solution?
Sent from my HTC Legend using XDA App
@cursordroid help me
i'm a newbie, i don't know much about these, but i have installed Korean FRF91
After seeing u'r post i was happy that i could revert back now, but i don't know how to do
i have followed u'r post but i'm stuck in the middle.................
i have created that two files and downloaded EPF30 update.............
where to enter these commands
adb push flash_image /data/flash_image
adb push mtd0.img /data/mtd0.img
adb shell
chmod 755 /data/flash_image
/data/flash_image misc /data/mtd0.img
i have windows 7..............
please help me
my emailid [email protected]
thank you
No need for the help!
I'm back to erd79
evank418 said:
Yes and it didn't work. Also tried Googl001 but didn't work either. I actually do have Korean nexus one maybe that's why???? Any solution?
Sent from my HTC Legend using XDA App
Well, if you have a korean one, i'm not sure if there is anything different in that version.
Can you write down all the details from the bootloader screen?
What's the problem with the newer bootloader? Why even downgrade?
rommelin said:
Well, if you have a korean one, i'm not sure if there is anything different in that version.
Can you write down all the details from the bootloader screen?
nexusone pvt ship s-on
hboot-0.35.0017
microp-0b15
touch panel-synt0103
radio-5.00.00.04
june 14 2010,12:02:27
Hiya!
I've disassembled hboot-0.35.0017 for the nexus one. Security check is done by a function that I have patched.
I attached my current IDA (5.5) Database. Patched HBOOT can be found here.
We still need a method/exploit to flash this modified HBOOT on our device so we can have S-OFF.
So does this mean we can lock or is it just a lock in progress and the modified hboot is it flashable
Sent from my Nexus One using XDA App
jdmoore81 said:
So does this mean we can lock or is it just a lock in progress and the modified hboot is it flashable
Sent from my Nexus One using XDA App
We just need to find a way to flash that modified HBOOT on the nexus one and we can lock it.
rolle3k said:
We just need to find a way to flash that modified HBOOT on the nexus one and we can lock it.
Awesome! even if I don't exactly know the variables in play this sounds good and exciting
What if the hboot is made flashable through custom recovery.
Sent from my Nexus One using XDA App
jdmoore81 said:
What if the hboot is made flashable through custom recovery.
Sent from my Nexus One using XDA App
As far as I understood this:
Code:
/* Bootloader / Recovery Flow
*
* On every boot, the bootloader will read the bootloader_message
* from flash and check the command field. The bootloader should
* deal with the command field not having a 0 terminator correctly
* (so as to not crash if the block is invalid or corrupt).
*
* The bootloader will have to publish the partition that contains
* the bootloader_message to the linux kernel so it can update it.
*
* if command == "boot-recovery" -> boot recovery.img
* else if command == "update-radio" -> update radio image (below)
* else if command == "update-hboot" -> update hboot image (below)
* else -> boot boot.img (normal boot)
*
* Radio/Hboot Update Flow
* 1. the bootloader will attempt to load and validate the header
* 2. if the header is invalid, status="invalid-update", goto #8
* 3. display the busy image on-screen
* 4. if the update image is invalid, status="invalid-radio-image", goto #8
* 5. attempt to update the firmware (depending on the command)
* 6. if successful, status="okay", goto #8
* 7. if failed, and the old image can still boot, status="failed-update"
* 8. write the bootloader_message, leaving the recovery field
* unchanged, updating status, and setting command to
* "boot-recovery"
* 9. reboot
*
* The bootloader will not modify or erase the cache partition.
* It is recovery's responsibility to clean up the mess afterwards.
*/
The bootloader is flashing itself, the recovery just informs it to do so.
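The command dispatch and step 8 of the flow quoted above, as an added example that is not part of the original post and is not HBOOT or AOSP source. The struct field sizes (32/32/1024) and all function names are assumptions made for illustration; the sample blocks in main() are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout of the message block kept in the misc partition.
 * The post quotes only the comment, so these sizes are an assumption. */
struct bootloader_message {
    char command[32];
    char status[32];
    char recovery[1024];
};

enum boot_action { BOOT_NORMAL, BOOT_RECOVERY, UPDATE_RADIO, UPDATE_HBOOT };

/* Compare a fixed-size field with a literal without ever reading past the
 * field. The literal must be followed by a NUL that lies inside the field. */
static int field_is(const char *field, size_t field_len, const char *lit)
{
    size_t n = strlen(lit);
    return n < field_len && memcmp(field, lit, n) == 0 && field[n] == '\0';
}

/* Decide what to boot from a raw copy of the message block. */
enum boot_action decide_action(const unsigned char *raw, size_t raw_len)
{
    struct bootloader_message msg;

    if (raw == NULL || raw_len < sizeof msg)
        return BOOT_NORMAL;                 /* short read: treat as invalid */
    memcpy(&msg, raw, sizeof msg);

    /* Erased NAND reads back as 0xFF and a corrupt block may hold anything,
     * so a command field with no terminator falls through to a normal boot
     * instead of being handed to strcmp(). */
    if (memchr(msg.command, '\0', sizeof msg.command) == NULL)
        return BOOT_NORMAL;

    if (field_is(msg.command, sizeof msg.command, "boot-recovery"))
        return BOOT_RECOVERY;
    if (field_is(msg.command, sizeof msg.command, "update-radio"))
        return UPDATE_RADIO;
    if (field_is(msg.command, sizeof msg.command, "update-hboot"))
        return UPDATE_HBOOT;
    return BOOT_NORMAL;
}

/* Step 8 of the update flow: leave the recovery field unchanged, record the
 * status, and set the command to "boot-recovery" so recovery can clean up. */
void finish_update(struct bootloader_message *msg, const char *status)
{
    memset(msg->status, 0, sizeof msg->status);
    snprintf(msg->status, sizeof msg->status, "%s", status);
    memset(msg->command, 0, sizeof msg->command);
    snprintf(msg->command, sizeof msg->command, "%s", "boot-recovery");
}

static const char *action_name(enum boot_action a)
{
    switch (a) {
    case BOOT_RECOVERY: return "boot recovery.img";
    case UPDATE_RADIO:  return "update radio image";
    case UPDATE_HBOOT:  return "update hboot image";
    default:            return "boot boot.img (normal boot)";
    }
}

int main(void)
{
    unsigned char raw[sizeof(struct bootloader_message)];
    struct bootloader_message msg;

    /* Constructed sample 1: recovery asked for an hboot update. */
    memset(raw, 0, sizeof raw);
    memcpy(raw, "update-hboot", 12);
    printf("update-hboot   -> %s\n", action_name(decide_action(raw, sizeof raw)));

    /* Constructed sample 2: erased flash, no terminator anywhere. */
    memset(raw, 0xFF, sizeof raw);
    printf("erased block   -> %s\n", action_name(decide_action(raw, sizeof raw)));

    /* Constructed sample 3: the update was rejected (flow step 2 -> 8). */
    memset(&msg, 0, sizeof msg);
    memcpy(msg.command, "update-hboot", 12);
    finish_update(&msg, "invalid-update");
    printf("after step 8   -> command=%s status=%s\n", msg.command, msg.status);
    return 0;
}
```

The dispatch only chooses which path runs. Whether an update image is accepted is decided later in that path, at steps 2 and 4 of the quoted flow.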
jdmoore81 said:
What if the hboot is made flashable through custom recovery.
Sent from my Nexus One using XDA App
+1. What if you just use a custom recovery with signature verification off?
@rolle3k: Assuming we can get it to flash, would you be able to make the same mod to the newer HBOOT-0.35.0017?
efrant said:
+1. What if you just use a custom recovery with signature verification off?
@rolle3k: Assuming we can get it to flash, would you be able to make the same mod to the newer HBOOT-0.35.0017?
Sure. I will edit it and try to flash it with verification off. If it works, I will let you guys know..
Great work here! Keep it up!
I hacked the new hboot, but as expected, it failed to install because the signature is invalid. However, I attached the hboot nevertheless. If you manage to flash it, you can just use "fastboot oem lock" without problems thus locking the bootloader once again.
rolle3k said:
I hacked the new hboot, but as expected, it failed to install because the signature is invalid. However, I attached the hboot nevertheless. If you manage to flash it, you can just use "fastboot oem lock" without problems thus locking the bootloader once again.
You won't be able to flash it unless you have an S-OFF nexus... otherwise HBOOT will refuse to flash anything that doesn't have a signature match...
That's why if you try flashing a Desire Radio to the N1, it won't work with a 'normal' nexus... you need to have the S-OFF in the bootloader as previously indicated...
So we would need to find a way (like they've done with the EVO, DINC, etc...) to get past the NAND lock (S-OFF)... I just don't think that people have tried to get that accomplished with the nexus since you can just do 'fastboot oem unlock' and it's done, unlike the other devices...
Very nice work though... I don't think I've seen anyone else get this far... maybe someone could try to get a hold of unrevoked and see if someone there could be of assistance since they haven't published their method of bypassing the NAND lock... but then even if we were able to bypass the NAND lock we would still potentially have the already unlocked bootloader there... if that makes sense...
rolle3k said:
I hacked the new hboot, but as expected, it failed to install because the signature is invalid. However, I attached the hboot nevertheless. If you manage to flash it, you can just use "fastboot oem lock" without problems thus locking the bootloader once again.
how i can used this file
??????????????????????????????????//
rolle3k said:
I hacked the new hboot, but as expected, it failed to install because the signature is invalid. However, I attached the hboot nevertheless. If you manage to flash it, you can just use "fastboot oem lock" without problems thus locking the bootloader once again.
Does it just need to be signed? Can you just uncheck signature verification from the Recovery program?
ezeldin said:
how i can used this file
??????????????????????????????????//
It's useless for now.
redstar3894 said:
You won't be able to flash it unless you have an S-OFF nexus... otherwise HBOOT will refuse to flash anything that doesn't have a signature match...
That's why if you try flashing a Desire Radio to the N1, it won't work with a 'normal' nexus... you need to have the S-OFF in the bootloader as previously indicated...
So we would need to find a way (like they've done with the EVO, DINC, etc...) to get past the NAND lock (S-OFF)... I just don't think that people have tried to get that accomplished with the nexus since you can just do 'fastboot oem unlock' and it's done, unlike the other devices...
Very nice work though... I don't think I've seen anyone else get this far... maybe someone could try to get a hold of unrevoked and see if someone there could be of assistance since they haven't published their method of bypassing the NAND lock... but then even if we were able to bypass the NAND lock we would still potentially have the already unlocked bootloader there... if that makes sense...
Thanks a lot for your post. Although I was told that unrevoked's exploit does not seem to work with the Nexus One bootloader, as it differs way too much from the Desire's bootloader.
MicroMod777 said:
Does it just need to be signed? Can you just uncheck signature verification from the Recovery program?
Unfortunately that does not do the trick. The recovery just tells the HBoot to flash a radio/hboot - it cannot do that itself, the HBoot still checks the signature.
/EDIT:
[10:28] <@IEF> Bumble-bee: the exploit currently does not work on N1.
[10:29] <@IEF> it's on of the few devices that's missing the interface to hboot.
[10:29] <@IEF> *one
The exploit used by AlphaRev doesn't work on the N1 unfortunately ;(
Well, I prepared a HBOOT image which has the security check patched, that means security will be off as long as it is flashed. I could even add some code which would set the security flag directly, but that will stay open for the future until someone comes up with a solution to flash an unsigned HBOOT.
rolle3k said:
Well, I prepared a HBOOT image which has the security check patched, that means security will be off as long as it is flashed. I could even add some code which would set the security flag directly, but that will stay open for the future until someone comes up with a solution to flash an unsigned HBOOT.
Thanks for your efforts thus far.
ezeldin said:
how i can used this file
??????????????????????????????????//
If you have to ask, then it's of no use to you. It's for development only at this stage, not for users.
I uploaded my IDA Database of the newest HBOOT: http://ul.to/yiynox
Security check function has been identified. I will upload my patched HBOOT tomorrow as I need to get some sleep now.
Can't we just dd the HBOOT like we do it on eMMC based devices?
Alright, so I have been reading for a couple of months now about rooting my HTC Evo 4G LTE. I'm on the latest build, 2.13.651.1 7LORD and am eager to unlock the bootloader and root device (with S-Off), but still haven't found any confirmed steps to do so. Can somebody please point me in the right direction? I'm getting anxious to start customizing my themes, and using custom ROM's. Thanks for all the help!
You have to wait for soff since all available tools are wip but you can use HTC dev unlock. Regawmod is a one click solution but last I checked it doesn't work correctly on newer builds
Yeah, I know that much already... But what does unlocking the bootloader actually allow me to accomplish that I cannot already do on my device?
With an unlocked bootloader you can install Custom Recovery allowing you to install ROM's on your device.
ampreston85 said:
Yeah, I know that much already... But what does unlocking the bootloader actually allow me to accomplish that I cannot already do on my device?
Install custom recovery, acquire permanent root access, install custom ROMs, delete system apps, modify system files, make changes to the framework, use advance debug tools requiring root access. Overall you get a greater degree of customization. The only thing you can not do is flash firmware but you can either relock bootloader and run the latest ruu or flash a stock ROM and stock recovery, relock boot loader and accept ota
om4 said:
Install custom recovery, acquire permanent root access, install custom ROMs, delete system apps, modify system files, make changes to the framework, use advance debug tools requiring root access. Overall you get a greater degree of customization. The only thing you can not do is flash firmware but you can either relock bootloader and run the latest ruu or flash a stock ROM and stock recovery, relock boot loader and accept ota
Awesome, actually that is exactly what I was looking for. Sorry been a while since I did the whole Unlock, Custom Recovery and Custom ROM stuff with my OG Evo. Can any of you point me in the right direction for installing custom recovery? I think from there it's the same as with the OG Evo in regards to ROM's right? Just load recovery, wipe data/cache/dalvik, and flash ROM of your choice? Links & Directions are much appreciated! :laugh:
*Edit* I also noticed @ HTCdev.com that the HTC Evo 4G LTE is not in the list of devices to choose from when unlocking bootloader...
HTC Dev Unlock
Requirements
HTC Drivers
ADB Tools Mini SDK
Setup
Install HTC Drivers if necessary
Extract ADB Tools anywhere, doesn't matter
Open ADB Tools and hold shift+right click, select open command window here
In phone settings, enable usb debugging and disable fastboot
Connect the phone to pc
Steps
In the command window type adb start-server
Next type adb reboot bootloader
Select fastboot
Type fastboot devices to make sure you are connected
Type fastboot oem get_identifier_token
Right click and select mark, click and drag from the top arrows to the bottom arrows and make sure not to highlight any empty spaces as this will confuse the website, right click and it will be saved to clipboard
Now go to HTC Dev and if you don't already have an account, sign up for it
Go to unlock bootloader and select other supported models and accept the agreements
Skip the steps until you get to the token submit window and paste the token you copied earlier and submit.
Go to your email and download the unlock_bin code
Put the code in the ADB Tools folder
Type fastboot flash unlocktoken Unlock_code.bin
When the phone prompt comes up to unlock bootloader hit yes, now you are unlocked, re-enable usb debugging and disable fastboot
Type adb reboot bootloader
Type fastboot devices to make sure phone connected
Type fastboot flash recovery openrecovery-twrp-2.2.2.0-jewel.img
Type fastboot erase cache
Reboot phone and you will have unlock and recovery, all that's missing is to restart phone in bootloader and select recovery to flash a rom. Wipe Dalvik, cache, Factory reset, system and then install the rom. If it doesn't boot, extract the boot.img from the rom and put it in the adb folder and in fastboot type fastboot flash boot boot.img and reboot
i actually took the pioneer route and did all this manually. followed the instructions on HTCDev to unlock bootloader, then did the fastboot install of TWRP, then used TWRP to make a NAND backup of my stock setup and subsequently flashed the SuperSU zip (actually a zip that i customized to ONLY install SuperSU and not touch the map and youtube apps) through recovery and here i am. whole effort probably took about 20 minutes tops, including waiting on the backup (which only took about 3 minutes)
My only remaining questions, is which device do I select from the drop down @ http://www.htcdev.com/bootloader/. Our HTC Evo 4G LTE is not in the list of devices to choose from. Do I select the option "All Other Supported Models"?
Select other supported models just like it says in my previous post
om4 said:
Select other supported models just like it says in my previous post
LOL I read all the steps and must have looked over that. :silly: I can't wait. Imma start making custom themed roms with custom icons and everything. I can't wait. Thanks for your help! Any recommended ROM's to try out? :good:
Has anyone tried the Miui 4.1 for HTC Evo 4G LTE? I loved Miui for my OG Evo and would love to use Miui again!
ampreston85 said:
Has anyone tried the Miui 4.1 for HTC Evo 4G LTE? I loved Miui for my OG Evo and would love to use Miui again!
all the jb roms are pretty early in development, basically what doesn't work in the cm10 official nightlies will not work in miui since its based on cm10. Its usable but theres a few annoying issues and missing features but nothing showstopping
General Information
This Has Been Made To Help Those Who Have No Clue What They're Doing When Upgrading Their Firmware Note And Want A One Click That Mimics HTC RUU
New From Prism Pirate Chest of goodies here it is FUU For The HTC Evo 3D
FUU Definition
Firmware Update Utility
There are a few Firmware flashing threads and lots of zips and good and bad instructions. However, i noticed that many users asked about what they get when they flash what they download and also about how to flash it with S-OFF on various threads. This confusion has occasionally led to people losing their custom kernels and custom recoveries and/or their SDcard partitions being unintentionally wiped.
I am writing this because i believe in "responsible" sharing. Since the full RUU's aren’t shared but only components (modified as well as unmodified) with often insufficient documentation, which in turn leads to a lot of confusion among the lesser informed users, i will try to catch some of that. I believe that sharing full RUU's would be a lot safer, as only those who actually know enough about it can disassemble them. RUU’s do always reassure users that there is a guaranteed and safe way to go back.
FUU How To
- Download the firmware you want
- Then run the installer
- Install it to the folder you want; any folder will do
- Then run the tool and upgrade or downgrade your firmware
Prerequisites: All you need is a Windows System with current drivers and maybe HTC Sync Manager installed, it is better to have HTC Sync uninstalled and only the drivers left. Just try if the FUU runs without HTC Sync. On my system, i am always greeted with an "Error 170" if i try to run the FUU on a booted Android - it doesn’t recognize the phone with ADB. This is a typical driver and/or ADB error. Solution here: make sure you have the latest driver suite. FailSafe way to get them is to install HTC Sync Manager (remove it if you don’t like it afterwards but leave the drivers in the system!).
ZIP Flash HowTo
Step-By-Step:
1. If device is booted into Android, reboot into bootloader by running:
Code:
adb reboot bootloader
1.a Or else, if your device is in a different state or you just prefer the button method:
Press Power for 15 seconds and hold Vol Down at the same time, when the screen and charging LED go dark immediately release Power but keep holding Vol Down until you see the bootloader screen. Notice: If the device refuses to reboot, you might need to hold it to a bright light with its light sensor. This is a very specific bug in the HTC ONE. The light trick always works.
2. Now place the Firmware_named_something.zip into your adb/fastboot folder
3. Now run:
Code:
fastboot oem rebootRUU
4. Followed by:
Code:
fastboot flash zip Firmware_named_something.zip
(replace "Firmware_named_something.zip" with the name of your zip)
5. Now check the console output. It should approximately look like this:
"flush" certainly means "Flash" so press the arrow up key on your keyboard and enter to run the flash command again without reboot...
Important: the flash process halts at around 75% to 90% on phone screen! This is normal and a safety precaution! The last few percent is the reboot, which is NOT happening automatically, so you get a chance to check the console output before reboot to make sure it is safe to reboot! The bar will only fill up to 100% once you type the following command:
6.
Code:
fastboot reboot-bootloader
Error handling strategies:
IF IT SAYS "FAILED" do not immediately reboot the device. If you reboot with a FAIL it could not boot up anymore! It could brick! If no flash is being accepted you have to find out what is causing the malfunction before rebooting your phone. Keep it alive while trying to figure out the error. It might be your cable, your USB ports (don't use hubs! Always straight-to-mainboard connections), it might be USB 3.0 which is not good yet, it might be bad configuration of your ADB and Fastboot... there are many possible sources for flash fails.
The least dangerous FAILED messages are listed below and are safe to reboot:
Safe to reboot / Flash didn't happen Errors (if you encounter one of them, you can just reboot. Nothing changed):
- 12 signature fail (unknown yet but safe to reboot)
- 23 parsing image fail (means something wrong with the image in the zip)
- 32 header error (means the zip couldn’t be read and unzipped properly)
- 41 Wrong Model ID (means its not the right device)
- 42 Wrong Customer ID (wrong CID means you gotta swap cid first as explained below)
- 90 hboot pre-update (means it only flashed hboot and you have to run the process again immediately to flash all other partitions WITHOUT a reboot in between).
- 99 UNKNOWN (is not yet clear but safe to reboot, might indicate a defunct S-OFF or S-ON)
- 155 you did not lock your bootloader (Needs a relock for S-ON phones that want to update the firmware.)
In fact, if it aborts before the "(bootloader) start image[hboot] unzipping & flushing..." line it actually didn't write anything and you can probably just reboot. If you see it flashing stuff though (the stages after that line) and then it stops with a FAILED, chances are a little higher that something is now broken. In that case do NOT reboot but do as i said above.
For Error 12 "signature fail" do:
- might indicate that a signed firmware package is required. This would only happen with S-ON phones though.
For Error 23 "parsing image fail" do:
- change image names in the zip to stock image names like "hboot.img" or "radio.img" or whatever failed there....
For Error 32 "header error" do:
- Sorry i haven’t found the exact cause yet and don’t know a definite solution.
- Make sure there is only one . (dot) in the filename, before the extension. fastboot reads anything after the first dot it sees as the extension. If that is not zip, it fails.
- If that doesn’t help, you can also try: make the zip new with recommended settings, re-run the command, check your connections...
For Error 42 "Wrong Customer ID" and: 41 "Wrong Model ID" do:
Code:
fastboot getvar all
Read that output, take note of your CID and MID and then edit the "android-info.txt" in your firmware.zip accordingly (For Wrong MID change the MID in the text, for wrong CID add your CID to the text).
For "Error 90 hboot pre-update..." do:
- Run the same flash command again which you just ran (press arrow up on your keyboard to get to the previous command in console)
- Don’t reboot in-between! (It wouldn’t brick you but it would just make you run the flash command twice again)
- This might be caused by the newer encrypted RUU's, they need their hboot to be flashed first so it can then decrypt the rest of the ROM.zip. Look at an encrypted ROM.zip from a RUU, you will notice that you can mostly extract the hboot without decrypting the ROM.zip, but you can't extract much else.)
For "Error 99 UNKNOWN" do:
- Check with other zip’s if they work!
- Check if your S-OFF is correct
- Tell me if you find out what’s causing an unknown error here!
For "Error 155 relock bootloader" do:
- run the fastboot command "fastboot oem lock" - only applies to S-ON phones that want to update the firmware. There a relocked bootloader is required. This error won’t show on S-OFF phones.
- Error 155 can also mean that you need SuperCID. On a few occasions this was shown when the RUU/FUU refused to run because of wrong region lock.
For "Error 170 Check USB" do:
- Sometimes shown when running a RUU or FUU. Indicates issues with drivers or ADB/Fastboot binaries. One way to solve is to run the exe with the phone already in Fastboot mode. Else you will have to dig into your windows driver system and try to fix there. Best option: re-install HTC Sync manager. Also, avoid USB 3 ports (the blue ones) - they have a complete new driver stack and that doesn’t work with ADB and Fastboot.
I always test all of these zips on my own device. But as always, flash at own risk. You're writing to critical parts of your phone. If anything goes wrong along the way, you might be bricked.
FUU Downloads (Windows only)
Update: added Hboot 1.58 FUU
Download
MD5: 995a8b883a5e39af471a93a84b4ff52d
This FUU is A Stock Hboot. Contents: Firmware from ramjet73 So You should be good to Go. This package does wipe the SDcard, So Remove It Before You Run It.
Update: added Hboot 1.57
Download
MD5: 87acbac59f169b32900e58f34e3390e1
This FUU is A Stock Hboot. Contents: Firmware from ramjet73 So You should be good to Go. This package does wipe the SDcard, So Remove It Before You Run It.
Update: added Hboot 1.50
Download
MD5: 233943ae4117d2fe64726afed8231b18
This FUU is A Stock Hboot. Contents: Firmware from ramjet73 So You should be good to Go. This package does wipe the SDcard, So Remove It Before You Run It.
Update: added Hboot 1.40
Download
MD5: 054e40f479b2075a20f12d5426d44bc3
This FUU is A Stock Hboot. Contents: Firmware from ramjet73 So You should be good to Go. This package does wipe the SDcard, So Remove It Before You Run It.
Update: added Hboot 1.30
Download
MD5: 04b13923379267a82d93cf913de62040
This FUU is A Stock Hboot. Contents: Firmware from ramjet73 So You should be good to Go. This package does wipe the SDcard, So Remove It Before You Run It.
Update: added Hboot 1.04 ENG
Download
MD5: 476a819ce37ff8fae2960de9dc2969a2
This FUU is A Stock Hboot. Contents: Hboot from ramjet73 So You should be good to Go. This package does wipe the SDcard, So Remove It Before You Run It.
Credits
Thank You Sneakyghost For The Tool And The Op
ramjet73 My mentor for HBOOT Modding
ramjet73 For The Hboots Which I Modify Off Of
Disclaimer
You are aware that writing to the security protected partitions increases your risk to lose the device exponentially. You understand and agree that i cannot be held responsible for such or any other damages. The flash process is theoretically safe and tested on various phones at time of posting, however you are the brains behind the wheel and you are solely responsible for the execution of the process. I will not accept any responsibility. The method itself is developed by Google and HTC, i only provide access and information to it and you execute it.
You understand that you should not do it if you are not willing to accept this risk.
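The error-handling rules in the guide above can be applied mechanically to a captured console log. The following is an added example, not code from the guide's author or from HTC: the log samples are constructed, and the `FAILED (remote: <code> ...)` line shape is an assumption. It is stricter than the list alone, treating a listed code as safe only when the "unzipping & flushing" line has not yet appeared.

```python
import re

# Codes the guide lists under "Safe to reboot / Flash didn't happen".
NOTHING_WRITTEN_CODES = {12, 23, 32, 41, 42, 99, 155}
# 90 = hboot pre-update: run the same flash command again, no reboot in between.
RERUN_CODE = 90
# Per the guide, nothing has been written before this line shows up.
WRITE_MARKER = "unzipping & flushing"
# ASSUMPTION: a failure is reported as "FAILED (remote: <code> <text>)".
FAILED_CODE_RE = re.compile(r"^FAILED \(remote: (\d+)\b")


def classify_flash_log(log):
    """Map one captured `fastboot flash zip` run to the action the guide implies."""
    wrote = False      # True once the write marker has been seen
    status = None      # last OKAY/FAILED status line
    code = None        # numeric error code, if the FAILED line carries one
    for raw in log.splitlines():
        line = raw.strip()
        if WRITE_MARKER in line:
            wrote = True
        elif line.startswith("OKAY"):
            status = "OKAY"
        elif line.startswith("FAILED"):
            status = "FAILED"
            m = FAILED_CODE_RE.match(line)
            code = int(m.group(1)) if m else None

    if status == "FAILED":
        if code == RERUN_CODE:
            action = "rerun-without-reboot"
        elif code in NOTHING_WRITTEN_CODES and not wrote:
            action = "safe-to-reboot"
        else:
            # Unlisted failure, or a failure after writing began: keep the
            # phone in RUU mode and check cable, port and drivers first.
            action = "do-not-reboot"
    elif status == "OKAY" and wrote:
        action = "reboot-bootloader"   # step 6 of the guide
    else:
        action = "incomplete-log"
    return {"code": code, "wrote": wrote, "action": action}


# --- Constructed sample logs (not captured from a real device) ---
LOG_WRONG_CID = """sending 'zip' (30000 KB)...
OKAY [  3.1s]
writing 'zip'...
FAILED (remote: 42 custom id check fail)
"""

LOG_PREUPDATE = """sending 'zip' (30000 KB)...
OKAY [  3.1s]
writing 'zip'...
(bootloader) start image[hboot] unzipping & flushing...
FAILED (remote: 90 hboot pre-update! please flush image again immediately)
"""

LOG_USB_DROP = """sending 'zip' (30000 KB)...
OKAY [  3.1s]
writing 'zip'...
(bootloader) start image[hboot] unzipping & flushing...
FAILED (status read failed (Too many links))
"""

LOG_OK = """sending 'zip' (30000 KB)...
OKAY [  3.1s]
writing 'zip'...
(bootloader) start image[hboot] unzipping & flushing...
(bootloader) start image[radio] unzipping & flushing...
OKAY [ 40.0s]
finished. total time: 43.1s
"""

if __name__ == "__main__":
    for name, log in [("wrong CID", LOG_WRONG_CID), ("pre-update", LOG_PREUPDATE),
                      ("USB drop", LOG_USB_DROP), ("success", LOG_OK)]:
        print(name, "->", classify_flash_log(log))
```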
Five star guide flashalot much appreciated
Sent from my PG86100 using XDA Premium 4 mobile app
Nice job!! Thank you!
busventinc said:
Five star guide flashalot much appreciated
Sent from my PG86100 using XDA Premium 4 mobile app
Can't take credit for the guide, thank @Sneakyghost
I just made the proper edits for the evo and my one s
newdad23 said:
Nice job!! Thank you!
No problem
Thanks so much for this Flashalot!
Question on these, apologize in advance if its off base or nonsense.
Currently have a friend who is running 1.58 hboot S-ON, unlocked bootloader (htcdev) with MIUI 3.2.22 ROM. Would it be possible to use these to downgrade his hboot version and run revolutionary S-OFF and/or install JB ROM? Or would it be best to relock, revert fully to stock and use JuopunutBear method?
Thanks in advance
snackle said:
Thanks so much for this Flashalot!
Question on these, apologize in advance if its off base or nonsense.
Currently have a friend who is running 1.58 hboot S-ON, unlocked bootloader (htcdev) with MIUI 3.2.22 ROM. Would it be possible to use these to downgrade his hboot version and run revolutionary S-OFF and/or install JB ROM? Or would it be best to relock, revert fully to stock and use JuopunutBear method?
Thanks in advance
This is for s-off only sorry this is what you need
http://forum.xda-developers.com/showthread.php?p=31617712 it has instructions on how to s-off
Sent from my PC36100 using Tapatalk 2
Flashalot said:
This is for s-off only sorry this is what you need
http://forum.xda-developers.com/showthread.php?p=31617712 it has instructions on how to s-off
Sent from my PC36100 using Tapatalk 2
Thanks for the quick reply Flashalot
Exactly what I was expecting but figured I should ask just in case. Thanks again for your time.
snackle said:
Thanks for the quick reply Flashalot
Exactly what I was expecting but figured I should ask just in case. Thanks again for your time.
FYI, depending on the current firmware level of the phone you may not be able to run an ruu after the 2.89 base (they don't exist) without being s-off. If jbear doesn't work for you see..
See my reference post in Unknownforce's Ultimate Unbricking and hboot Downgrade Tool thread. It is known to work by bricking it twice.
Sent from my TouchPad using Tapatalk
mpgrimm2 said:
FYI, depending on the current firmware level of the phone you may not be able to run an ruu after the 2.89 base (they don't exist) without being s-off. If jbear doesn't work for you see..
See my reference post in Unknownforce's Ultimate Unbricking and hboot Downgrade Tool thread. It is known to work by bricking it twice.
Sent from my TouchPad using Tapatalk
Thanks for the heads up mpgrimm2. I believe he has a nandroid backup from just after he completed the htc unlock, still running stock rom. If it does turn out to be 2.95.651.6, would he able to restore this nandroid and continue with jbear method?
I know jbear will need to be mostly stock if not full stock. That nand backup may work depending on if jbear requires a relock and stock recovery or not but I don't recall. Things got a little vague when they moved support off of xda to their own site and stopped supporting windows based installers.
I'm sure Ramjet73 had some FAQ's in his thread for the old windows version that would answer it though.
Either way I know Unknownforce's Tool will work for s-off.
Sent from my "Up All Night Sleep All Day" Nexus 5!
Index:
1st post: Root the HTC EVO 3D
2nd post: S-OFF and completely unlock the EVO 3D
Rooting the HTC EVO 3D
When it comes to only rooting the device, it works somewhat as easy as a nexus.
To the users who are already familiar with rooting, the (very) quick instructions are as follows:
► Unlock bootloader from htcdev.com
► Flash custom recovery
► Flash root
►► Easy huh? thought so.
For the completely unfamiliar users, here's the real deal:
Prerequisites:
► You need ADB and fastboot: get the SDK from HERE that has it all.
► Alternatively: get the portable ADB and fastboot from HERE, but i don't offer support for those. (Thanks for the mysterious user who uploaded them to box).
► You need either 4EXT or CWM recoveries... your choice (thanks @monx®)
► You need the root binary, get SuperSU zip file.
Unlock the Bootloader:
► After setting it all up, pick up your EVO 3D, go to settings, development options, and turn on USB Debugging.
► Open up a cmd on PC, and type this:
Code:
adb reboot bootloader
►► This will make the phone reboot to bootloader.
► After it has booted, hit the power button to go to fastboot (don't press and hold, just press a small click)
► If you see FASTBOOT at the top, and not FASTBOOT USB, click the volume buttons to go up and down so that the screen refreshes into FASTBOOT USB at the top... if that makes any sense
► Type this into the cmd:
Code:
fastboot oem get_identifier_token
►► This will give you a bunch of numbers, i can't explain this better than HTCDevs themselves, so go exactly HERE and follow their guide (you need to be signed in to their website to be able to view the instructions)
► So after you hit submit and get the unlock_code.bin do this:
Code:
fastboot flash unlocktoken Unlock_code.bin
►► Again.. HERE is the HTC guide, but in short: after executing this command, use the volume buttons to select yes, and press the power button to select it.
►► I cannot stress this enough... THE ABOVE STEP WILL WIPE ALL OF YOUR DATA!!!... Should i make this a size 7? you won't like it.
Flash a custom recovery:
►► You have two options for recoveries here: 4EXT, and CWM (or ClockWorkMod). Personally, i prefer 4EXT.
► Execute this command:
Code:
fastboot flash recovery NAME.img
►► NAME is the actual name of your recovery .img file.
R00T!
► You're now in fastboot, highlight bootloader and press the power button
►► You should wait a bit for the unlocked bootloader to make its scans
► Select recovery from there and press the power button to boot to it
► Remember the SuperSU zip file we downloaded earlier? We need to put that on the phone's sdcard. Two ways:
1) Take out the sdcard from the phone, plug it in the PC, and put the zip there
2) Toggle USB storage (for 4EXT) or mount USB storage (for CWM) while plugged in to the PC to access the sdcard from there and put the zip there
► Now hit back till you get to the first menu
► Select install zip from sdcard
► Choose zip from sdcard
► Look for the SuperSu zip file and select it, then hit yes
►► After flashing, comes the REALLY hard part:
► Hit back to the first menu
► Select reboot system now (VERY hard! )
You're rooted!
Why another guide? Well... I didn't find any guide that really helped me understand what i should do to update from ICS to JB or KK or whatever... So i started doing things by myself, i did it with 2 3 HTC Evo 3Ds and both worked fine at the end, so i started writing this guide... have fun! Thread also available at rirozizo.blogspot.com (WITH PICTURES!)
Scenario: You're on ICS, latest update, latest bootloader. You're either on stock ROM, or custom ROM. Your bootloader is locked or unlocked. You're S-ON.
Solution: S-OFF your bootloader, downgrade it, get ICS+ ROMs (like JB or KK)
Time to do the process: I did it in 1 Hour 15 Minutes
Requirements: Linux OS (either native, dual booted (ME!), or LiveCD... You pick), HTC Evo 3D, USB Cable (with data transfer support), an internet connection for the downloads, a microSD, and wire.
WARNING: It is important to backup all the contents that are on your microSD before doing anything. I did the wire trick on two Evo 3Ds, and one of them corrupted the microSD, so we had to format it.
Now let's start.
►In Linux, download adb and fastboot using "sudo apt-get install android-tools-adb" and "sudo apt-get install android-tools-fastboot".
►Download THIS flashable root .zip file (don't extract that... please)
►Download juopunutbear's (Call that "juo" ) wire trick script HERE and extract it. (pick the appropriate .tgz file for your device)
►Download a ROM to your liking (ICS, JB, KK, Froyo... you can do anything after this guide )
►Transfer both the ROM and the root to your phone... keep juo on PC
►Go to unlimited.io and learn how to do the wire trick there.
►Download THIS PG86IMG.zip file, DON'T DO ANYTHING TO IT!
Note: To flash on Rogers, you can just mod the model ID from PG8630000 to PG8631000 in the zip file, so sometimes you should DO something
Backup if you need to
►►You can backup your apps using any app-backup app, we won't go through it
►►Go to recovery
►Type "adb reboot recovery"
►►Make a NANDROID Backup
►Go to "backup and restore", and backup.
►►It took 733 seconds to finish the huge backup i was doing... so yeah... take a bath or something in the mean time.
►PLEASE, transfer the backups you made to your PC, don't leave them on the microSD just to be on the safe side
Get to stock rooted (Skip if you're already on stock)
If you're on a custom ROM, you'll need to flash stock... not just any stock... but RUU stock.
►Get the RUU that is for your phone (you may google that)
►►Here's a tip: type "fastboot getvar all" and look for "(bootloader) version-main:"... check the number next to it, and download the RUU that has that number.
Now flash RUU... flash? yes... FLASH!! How? via fastboot... What? Yes!
►Get to fastboot (turn the phone off, hold power and volume down), plug it in the PC
►Type this in a terminal "fastboot oem lock"
►►Now your bootloader is locked, we can flash RUU
►Open up the RUU.exe from windows
►Hit next two times (you're gonna have to check some checkboxes too), and leave it open
►►Don't start any process from it, just keep it there
►Open a file explorer (Like My Computer, or whatever...)
►Type in the path textbox "%TEMP%"
►Sort the files by "date modified" and open the first folder you see there
►►You'll see a bunch of files there, and probably a folder too
►Look for "rom.zip" (you might even go to that folder too to check inside it)
►Copy "rom.zip" to somewhere easily accessible
►►Now back to linux
►Type "fastboot erase cache"
►Once that's done type "fastboot oem rebootRUU"
►►You'll see a black screen with a silver HTC in the middle
►Type "fastboot flash zip X" where X is the path to the rom.zip file we got earlier.
►Now leave it there
►►It took me 426.617 seconds for the process to finish... you may go eat something... maybe relax in the bathroom if you want
►►Now once the terminal says it's done, you might see the HTC green progress bar stuck at 95%... don't worry, it's nothing... it's a bug in RUU mode, so just type "fastboot reboot" and you'll reboot to stock ROM.
I'm on stock ROM... now what?
ROOT DAT STOCK! (Optional, but i did it just in case)
►►So now we need to root the stock ROM we have.
►►To root, we need to unlock bootloader first.
►Go to htcdev.com and follow the guide there to unlock your bootloader
►Once that's done, download THIS recovery and flash it in fastboot using "fastboot flash recovery cwm.img"
►Once that's done, hit "BOOTLOADER" in the list (using the power button), wait for about 5 seconds, then hit "RECOVERY"
►►You're now in CWM recovery.
►►Now that you're inside the recovery, volume up is up, volume down is down, power is enter
►Go to install zip from sdcard
►Choose zip from sdcard
►Locate the root .zip file we transferred earlier
►Hit the "yes" button hidden between these "no no no" buttons
►►You might want to repeat the flashing process if it gives an error... Second time is guaranteed to work
►►You're now rooted.
►"***Go back***" to the first menu, and "reboot system now".
S-OFF
►Once booted, go to settings, developer options, and enable USB debugging there
►Then in linux, navigate to where we extracted juo's zip, and open a terminal there
►Type these commands "chmod 755 ControlBear" and hit enter
►Then type "./ControlBear" and hit enter
►►Now it'll guide you through... it keeps saying "beer beer"... yeah... the dev likes to have fun, like me
►When it says "Do the wire trick now" do it (using unlimited.io's guide).
IMPORTANT: If the script errors out with a "Still sober" error... just redo the script, it'll succeed then...
FINALLY, YOU ARE S-OFFed... too much caps huh? oh well... It was a long process... you can start feel the sense of accomplishment there.
Downgrade to BL 1.49
►►Now to downgrade bootloader to 1.49....
►►Remember that PG86IMG.zip file?
►Put it on the root of your sdcard (so don't put it inside any folder)
►Boot to bootloader
►Press BOOTLOADER button...
►Now we wait until the installation is finished... of course, press YES when it says so.
►►You're now on bootloader 1.49, S-OFFed, and with a custom recovery...
Well? What are you waiting for? Go flash a Kitkat ROM! GO!!
NOTE: You might wanna get 4EXT recovery to be able to flash kitkat ROMs, good luck!
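The note in the guide above about the model ID inside the zip concerns a check the bootloader makes before it flashes anything; the firmware guide earlier on this page names the file involved (android-info.txt) and the resulting errors (41, 42, and 32 for an unreadable or badly named zip). The following added example, which is not code from either guide, runs those checks on the PC before flashing. It assumes android-info.txt uses `modelid:` and `cidnum:` lines and that `fastboot getvar all` prints `(bootloader) modelid:` and `(bootloader) cidnum:`; the CID values and version string are constructed placeholders.

```python
import io
import os
import re
import zipfile

# ASSUMPTION: `fastboot getvar all` prints lines like "(bootloader) key: value".
GETVAR_RE = re.compile(r"\(bootloader\)\s+([\w-]+):\s*(\S*)")


def parse_getvar(text):
    """Collect key/value pairs from saved `fastboot getvar all` output."""
    device = {}
    for line in text.splitlines():
        m = GETVAR_RE.match(line.strip())
        if m:
            device[m.group(1)] = m.group(2)
    return device


def parse_android_info(text):
    """ASSUMPTION: one 'modelid:' line and one 'cidnum:' line per accepted CID."""
    info = {"modelid": [], "cidnum": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        if sep and key in info:
            info[key].append(value.strip())
    return info


def preflight(zip_path, zip_bytes, getvar_text):
    """Return [(error_code, reason)] for problems the flash would hit; [] if none."""
    problems = []
    name = os.path.basename(zip_path)
    # Error 32: only one dot allowed, directly before the "zip" extension.
    if name.count(".") != 1 or not name.lower().endswith(".zip"):
        problems.append((32, "file name needs exactly one dot, before 'zip'"))
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            if zf.testzip() is not None:
                problems.append((32, "a member of the zip fails its CRC check"))
            raw = zf.read("android-info.txt").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError):
        problems.append((32, "zip unreadable or android-info.txt missing"))
        return problems

    info = parse_android_info(raw)
    device = parse_getvar(getvar_text)
    if device.get("modelid") not in info["modelid"]:
        problems.append((41, "device MID %s not in %s"
                         % (device.get("modelid"), info["modelid"])))
    if device.get("cidnum") not in info["cidnum"]:
        problems.append((42, "device CID %s not in %s"
                         % (device.get("cidnum"), info["cidnum"])))
    return problems


def make_sample_zip(modelid, cids):
    """Build a tiny constructed firmware zip in memory for the demo."""
    lines = ["modelid: " + modelid] + ["cidnum: " + c for c in cids]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("android-info.txt", "\n".join(lines) + "\n")
        zf.writestr("hboot.img", b"\x00" * 16)  # dummy payload
    return buf.getvalue()


# Constructed getvar output; the MID is the one quoted in the guide's note.
SAMPLE_GETVAR = """(bootloader) version-main: 0.00.000.0
(bootloader) modelid: PG8630000
(bootloader) cidnum: CID__001
all: Done!
"""

if __name__ == "__main__":
    fw = make_sample_zip("PG8630000", ["CID__001", "CID__002"])
    print(preflight("firmware.zip", fw, SAMPLE_GETVAR))
    print(preflight("firmware.1.58.zip", fw,
                    SAMPLE_GETVAR.replace("PG8630000", "PG8631000")))
```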
If you're already on ics you don't need to flash ruu.
For the wire trick it's not necessary to root the device.
All you have to do before is to unlock via htcdev.
For downgrading I'd recommend juopunutbear gb hboot from their site.
tom0769 said:
If you're already on ics you don't need to flash ruu.
For the wire trick it's not necessary to root the device.
All you have to do before is to unlock via htcdev.
For downgrading I'd recommend juopunutbear gb hboot from their site.
you need to be on full stock for juopunutbear to work, otherwise it'll say be on stock...
you need to be rooted for juopunutbear to work, otherwise it'll say be rooted...
and i think the script is different between ICS and GB... not just hboot... meh
Sent from my Nexus 4
Good but if you want KK ROM, you must use the latest 4EXT recovery touch, otherwise it will fail
Also this recovery is much easier to use than CWM
Benik3 said:
Good but if you want KK ROM, you must use the latest 4EXT recovery touch, otherwise it will fail
Also this recovery is much easier to use than CWM
oh? didn't know that thanks!
I'll update the guide as soon as i can (fix links and add 4EXT)
Sent from my Nexus 4
rirozizo said:
you need to be on full stock for juopunutbear to work, otherwise it'll say be on stock...
you need to be rooted for juopunutbear to work, otherwise it'll say be rooted...
and i think the script is different between ICS and GB... not just hboot... meh
Sent from my Nexus 4
In the OP you stated "Scenario: You're on ICS, latest update, latest bootloader", so I'd assume it's already stock ICS.
I did the wire trick on 2 EVOs, just unlocked, not rooted (as stated on juopunut site).
The gb hboot I mentioned is the 1.49.9999 hboot (look here) for downgrading afterwards.
tom0769 said:
In the OP you stated "Scenario: You're on ICS, latest update, latest bootloader", so I'd assume it's already stock ICS.
I did the wire trick on 2 EVOs, just unlocked, not rooted (as stated on juopunut site).
The gb hboot I mentioned is the 1.49.9999 hboot (look here) for downgrading afterwards.
i S-OFFed two EVOs, both were on KingCobra ICS ROM... so don't assume stock...
Sent from my Nexus 4
rirozizo said:
i S-OFFed two EVOs, both were on KingCobra ICS ROM... so don't assume stock...
Sent from my Nexus 4
Yep, but if someone is already on stock, he could skip the ruu step.
Also it's not necessary to root the stock rom when you want to flash a custom rom that is already rooted.
I did the steps as follows (in short):
- unlock bootloader (the htcdev method)
- do the wire trick (controlbear)
- flash the juopunutbear hboot in fastboot (1.49.9999)
- flash the recovery image in fastboot (latest 4ext)
- flash any custom rom
Starting point on both phones was stock ics locked, s-on, hboot 1.53.0007
Don't get me wrong, I only wanted to help to get your guide a little leaner.
tom0769 said:
Yep, but if someone is already on stock, he could skip the ruu step.
Also it's not necessary to root the stock rom when you want to flash a custom rom that is already rooted.
I did the steps as follows (in short):
- unlock bootloader (the htcdev method)
- do the wire trick (controlbear)
- flash the juopunutbear hboot in fastboot (1.49.9999)
- flash the recovery image in fastboot (latest 4ext)
- flash any custom rom
Starting point on both phones was stock ics locked, s-on, hboot 1.53.0007
Don't get me wrong, I only wanted to help to get your guide a little leaner.
yeah yeah sure, I'm not getting you wrong...
I'll update the guide soon, I'll add "optional" after the stock title... and add "optional" after rooting (that's what i did so i think I'll just keep it)
thanks for the help
Sent from my Nexus 4
rirozizo said:
i S-OFFed two EVOs, both were on KingCobra ICS ROM... so don't assume stock...
Sent from my Nexus 4
Yup i even S-Off from mwakious3Drom® ROM! I tried and thank god it worked as getting back to stock was too much of a trouble lol.
Oh and about 4EXT recovery yes you do need the latest as i couldn't install the Cyanogenmod 4.4 without the latest update.
If i downgrade to 1.49 with this - HTC EVO 3D GSM (shooteru) GB HBOOT - 1.49.9999 , what version do i need to choose on revolutionary website 1,49,0007 or 1,49,0008
g3ar said:
If i downgrade to 1.49 with this - HTC EVO 3D GSM (shooteru) GB HBOOT - 1.49.9999 , what version do i need to choose on revolutionary website 1,49,0007 or 1,49,0008
there was no mention of revolutionary in this guide
ye.. my fault i read it few times and then i understand what i need to do and how
tom0769 said:
Yep, but if someone is already on stock, he could skip the ruu step.
Also it's not necessary to root the stock rom when you want to flash a custom rom that is already rooted.
I did the steps as follows (in short):
- unlock bootloader (the htcdev method)
- do the wire trick (controlbear)
- flash the juopunutbear hboot in fastboot (1.49.9999)
- flash the recovery image in fastboot (latest 4ext)
- flash any custom rom
Starting point on both phones was stock ics locked, s-on, hboot 1.53.0007
Don't get me wrong, I only wanted to help to get your guide a little leaner.
I followed these steps, everything was a success, but i m having problem flashing recovery image in fastboot? 4ext? I cannot seem to find this file i need? Other i have tried just hangs. It says my device is not rooted. So do i need to flash recovery before it's rooted?
Thanks.
rethan2 said:
I followed these steps, everything was a success, but i m having problem flashing recovery image in fastboot? 4ext? I cannot seem to find this file i need? Other i have tried just hangs. It says my device is not rooted. So do i need to flash recovery before it's rooted?
Thanks.
Here you can find the latest 4ext. Flash it and you can install every rom. Root is not required because all custom roms are pre-rooted.
Code:
fastboot flash recovery 4EXT_Recovery_Touch_v1.0.0.6_RC1.img
Sent from my Evo 3D
mhnx said:
Here you can find the latest 4ext. Flash it and you can install every rom. Root is not required because all custom roms are pre-rooted.
Code:
fastboot flash recovery 4EXT_Recovery_Touch_v1.0.0.6_RC1.img
Sent from my Evo 3D
OK thanks a mil, sorted now!
Can i do this in windows? i don't have other pc with linux or something like that...
XeNNz said:
Can i do this in windows? i don't have other pc with linux or something like that...
you're gonna have a bad time:
-juo dropped support for windows
-windows needs drivers... they act weird on fastboot
-a VM won't do too as the drivers of windows will be needed... which act weird
Sent from my Nexus 4
So..i have to give up. Thank you for fast reply !